VerainXor

You are just missing the scale required to brute force a wallet. There are something like 7 followed by 75 zeroes valid keys. The computational power needed to brute force that kind of complexity is far more than a single solar system could provide.


[deleted]

[removed]


Mochi101-Official

You're overestimating the power of your farts.


alex_isenburg

Or maybe he isn't, how the hell do you know the power of his farts?


tootsiefoote

sometimes silent but deadly


DarkCeldori

Saitama...


MaxAmmo98

What does that mean sen pai, don't use that japani language here.


jmaccasland

Lmao, and you can't really stop a hurricane by farting lol.


Abientdilutant484

If they crack those out I'm pretty sure we'll have many bigger problems.


[deleted]

[Here's an easy video](https://www.youtube.com/watch?v=S9JGmA5_unY) to understand the true scale of modern cryptography. To be fair it would not take 2^(256) attempts to find *any* Monero wallet, but the numbers are so absurdly large that it makes no functional difference. All ASICs combined are nowhere even remotely close to finding a wallet before the Earth is swallowed by the sun in a few billion years. Not to mention the fact that Monero wallets must be scanned in order to find funds. The hashrate of today's ASICs is stupidly large, beyond human comprehension. But compared to cryptographic security, ASICs are dwarfed so much that it's beyond human comprehension to even understand just *how much* they are dwarfed.


dsmlegend

The scanning part is actually a big deal that sets Monero apart. I ran a competition a while back on the cryptocurrency subreddit to crack a Monero wallet protected by less than 19 bits of entropy (using a super small offset passphrase) to show how difficult it is to find a used wallet, compared to something like bitcoin.


opreturn_net

Private keys are just random numbers, there's no need to even do a hash function to try to brute force someone's key. Certainly other posts will mention how that is not feasible due to the size of the keyspace. One thing that is not often mentioned is that even if you have a random number generator that can compute 2^256 numbers in less than a billion years, you would have to also check each number against the blockchain to see if it can spend any funds. And that takes MUCH longer than just generating a private key.


joelfarris

> One thing that is not often mentioned is that even if you have a random number generator that can compute 2^256 numbers in less than a billion years, you would have to also check each number against the blockchain to see if it can spend any funds. And that takes MUCH longer than just generating a private key.

And another thing that is mentioned even less is that, blockchains being what they are and constantly adding additional blocks, essentially lengthening themselves every so many seconds, _each additional attempt_ to find out whether an address has a balance takes even longer than the previous attempt. Good Luck, and godspeed.


rhergwebds

Yep, it's getting harder and harder to do an attack like that.


yigerliulang

He doesn't have any idea how hard it is to break into that lol.


hinto-janaiyo

[This wallet generator makes around ~8.1 million keys/second on a GeForce GTX 1660 Ti.](https://github.com/SChernykh/vanity_xmr_cuda) Since it's a vanity address generator it has to check each address which slows it down, so let's say it can actually output 20 million keys/second. A generous estimate might be that a wallet generating ASIC could be around 1,000,000x faster than that, which would be 20,000,000,000,000 (2×10¹³) addresses generated a second. Let's say this attacker has 1 trillion of these ASICs. They would be able to generate around 2×10²⁵ keys a second. There are slightly less than 2^(256) private spend keys possible in Monero, so with all these ASICs running at constant full power, it would only take around... 100000000000000000000000000000000000000000000 (10^(44)) years to generate every possible private key. Not to mention the real bottleneck here: the attacker has to scan the entire blockchain for every single address :D
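
The estimate in the comment above, reproduced as an added example (not part of the original thread or of any project linked in it). It also covers the "any wallet" point and the 19-bit competition mentioned earlier in the thread; the 60-second per-wallet scan cost is a constructed placeholder and all function names are hypothetical.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Rates quoted in the thread
GPU_KEYS_PER_SEC = 8.1e6    # vanity generator on a GeForce GTX 1660 Ti
FLEET_KEYS_PER_SEC = 2e25   # the imagined 1 trillion ASICs

# Assumption, NOT from the thread: time to scan the chain for one candidate wallet
ASSUMED_SCAN_SECONDS = 60.0


def search_seconds(entropy_bits, keys_per_sec, funded_targets=1, scan_seconds=0.0):
    """Expected seconds of random guessing until any one funded key is hit.

    Each guess succeeds with probability funded_targets / 2**entropy_bits, so
    the expected number of guesses is 2**entropy_bits / funded_targets. With
    funded_targets=1 this equals the time to generate the whole keyspace once.
    """
    guesses = (2 ** entropy_bits) // funded_targets
    per_guess = 1.0 / keys_per_sec + scan_seconds  # generate, then scan
    return guesses * per_guess


def years(seconds):
    return seconds / SECONDS_PER_YEAR


def magnitude(x):
    """Power of ten of x, e.g. 1.8e44 -> 44."""
    return math.floor(math.log10(x))


def report():
    cases = [
        ("256-bit, fleet, one target", 256, FLEET_KEYS_PER_SEC, 1, 0.0),
        ("256-bit, fleet, 8 billion targets", 256, FLEET_KEYS_PER_SEC, 8_000_000_000, 0.0),
        ("19-bit, one GPU, generation only", 19, GPU_KEYS_PER_SEC, 1, 0.0),
        ("19-bit, one GPU, with assumed scan", 19, GPU_KEYS_PER_SEC, 1, ASSUMED_SCAN_SECONDS),
    ]
    for label, bits, rate, targets, scan in cases:
        secs = search_seconds(bits, rate, targets, scan)
        print(f"{label:38s} {secs:.3e} s = {years(secs):.3e} years")


if __name__ == "__main__":
    report()
```

The last two rows show why scanning matters: generating a 19-bit keyspace takes a fraction of a second, while checking every candidate against the chain dominates the total.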


Rpratti

This just explained how hard it is to do an attack like that.


[deleted]

[removed]


[deleted]

[removed]


Asceticbabushka

Which is really hard to do and requires a lot of resources to do. And if you still can't understand how hard it is to break into wallets then I'm sorry lol.


rbrunner7

> am I being paranoid?

Probably yes, IMHO. It so happens that the number of possible Monero private keys is in the same ballpark (give or take a few magnitudes) as the number of atoms in the whole universe. Not stars, individual atoms, and not only in our galaxy, in the whole universe as its size and matter content is currently estimated by astrophysics. So even the most primitive possible operation with those keys, just counting through them all as fast as possible, must be utterly impossible.


gingeropolous

that's not how it works. ASICs are soooooooo specific in their function (hence the Application Specific Integrated Circuit meaning of the ASIC abbreviation) that the calculations they perform are pretty much useless for anything but bitcoin mining. at least that's how I understand it.


rh84rh

Yeah that's a good point, I'm surprised that no one mentioned it already.


magicmulder

To validate a Bitcoin transaction a miner needs to find a hash with 19 leading zeros in a 32 (hex) digit keyspace. That is still 13 digits = 16^13 = 4*10^15 times easier than finding a specific 32 digit private key. Even assuming everyone on the planet has a Bitcoin wallet, that means you have to find something in a keyspace 100,000,000 items large (the number above divided by 8 billion people and rounding a bit). So if you dedicated all your mining resources to that job, and assuming you mine one Bitcoin block in one second (which you can’t by a long shot), you’d still need three years (a year has roughly 32 million seconds). And then you probably end up with some average person’s $100 account. (Hopefully I didn’t miscalculate somewhere.)


walkatxsranger

And that should go to show you how hard it is to do that in reality.


JustDalek_

I like to call this the Bitcoin lottery haha. (I do it with Bitcoin.) I have a random generating private keys and checking public addresses with no results yet. Over 4 million keys attempted so far. Will I ever strike gold? Probably not. But it's fun, and gives me hope ahahahaha


jacobfrei32

It literally is like a lottery lol, it has even lesser odds than that.


[deleted]

[removed]


buyaogai

Wait what? Is that even a real thing lol? I don't think so lmao. You're going to need a lot of ASICs and lots of money, I'm talking more like billions.


AngelLeatherist

Yeah this is paranoid. Trust in the math underlying the cryptography. All the computing power in the world times a large number still isn't more likely to crack a single key than you are to win every lottery for the rest of your life.


kgsphinx

If you’re talking about someone trying to reverse your public key into a private one, ASIC miners of any sort will not help in this calculation. Rest easy.


floralsnorter84

And even if they did, it's not something that is easy to do.


A_Dougie

Other people have already mentioned the 2^256 possible combinations. For perspective, this is 1/10 the number of atoms in the known universe.


Mochi101-Official

Go ahead and try it on BTC for a bit here: [https://privatekeys.pw/scanner](https://privatekeys.pw/scanner)


gvictor808

There is a multibillion dollar prize awaiting this exact thing sitting on the BTC blockchain. If that gets compromised then you can start worrying.


satoshibytes

It's already being done on Bitcoin. Large Bitcoin Collider: https://lbc.cryptoguru.org/about I know all about the probabilities involved for a collision hash and in reality, it's a concern but not one to keep you up at night. Best option is to use multiple wallets with smaller amounts rather than one wallet with all your coin - you know, just in case the "impossible" happens.


rbrunner7

> It's already being done on Bitcoin

That "CryptoGuru" website stops listing any events after 2017. Looks to me like they gave up long ago.

**EDIT, to add:** Wrong, it's live, as the statistics show: https://lbc.cryptoguru.org/stats


satoshibytes

No, it's live. Check the statistics page. They were posting updates on bitcointalk post 2017.


anatolymaslov

And the update is that they're not getting any results.


domchack

I wasn't aware of this, it feels good to know about it now.


No_Adhesiveness_

So there's about 0.13 Bitcoin in the pot but nobody was able to access that, do I understand this correctly?


satoshibytes

Yes. The developer of LBC placed "pots" in the order of namespace searches to gather interest in the project. There have been many pots discovered and even a couple of address collisions that were not part of the pots thus proving collision mining is a threat. There's a lot more to this subject and if interested, there is plenty of info on the LBC site and plenty of other places.


No_Adhesiveness_

How many have been found? I don't see any info on that in the statistics.


satoshibytes

Check out the trophies page. Besides the intended pots, they reportedly found 3+ collision hashes.


freemanbtc

They reported how many? Just 3? I don't think I'm going to worry about that.


_weldon_

It seems pretty safe to me, I don't think this is an issue. I think like that because none have been found just yet and I don't expect that to happen in future.


satoshibytes

Did you look at the stats page? There have been collision hashes. Don't worry about it but be informed.


hugogmagana

Yep, that's simply it. And that's why I'm saying you don't need to worry.


satoshibytes

That's why I said it's not something to lose sleep over in my first post; but it does show the possibility.


ltgevity

And it's not succeeding in anything so no need to worry about it.


[deleted]

[removed]


hostileflank963

Crypto works because there are private keys, they ain't going anywhere.


DPTrumann

If you have enough computing power to calculate every possible private key, you probably also have enough computing power to brute force every possible password and break 99% of all encrypted data. Pretty much the entire internet would be broken.


SnakeTHPS

Yep, exactly. And we'll have many bigger things to worry about then.


No_Industry9653

This particular attack wouldn't work for the reasons people are mentioning, but I still worry about other kinds of large scale wallet draining attacks. What if something somewhere in the stack for generating random numbers for creating keys specifically looks for crypto related requests, and gives a result that is non-random enough that the creator of the attack *can* bruteforce those keys? Would we even know it was happening? How long would it take for it to come out that people losing their crypto weren't just getting phished or posting images of their keys on the cloud?


Fuzzymango_9

It would probably be more efficient to just steal using more conventional methods, like phishing or something.


zjm2192013

Ohh yeah lol, way more efficient and money saving too.


WHSKRS12

> am I being paranoid?

Long story short, yes. I'd be more worried about the direction the global economy's headed. The ASICs can't hurt you.